package zsc.ruanc.practicaltraining.security.Filter;


import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import zsc.ruanc.practicaltraining.mapper.UserMapper;
import zsc.ruanc.practicaltraining.model.domain.TUser;
import zsc.ruanc.practicaltraining.security.exception.SAuthenticationException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
import java.util.Map;

public class SUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {


    @Autowired
    private UserMapper userMapper;

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException {
        String method = request.getContentType();
        System.out.println(method);


        if (method.equalsIgnoreCase(MediaType.APPLICATION_JSON_VALUE) || method.equalsIgnoreCase(MediaType.APPLICATION_JSON_UTF8_VALUE)) {

            ObjectMapper mapper = new ObjectMapper();
            UsernamePasswordAuthenticationToken authRequest = null;
            //取authenticationBean
            Map<String, String> authenticationBean = null;
            //用try with resource，方便自动释放资源
            try (InputStream is = request.getInputStream()) {
                authenticationBean = mapper.readValue(is, Map.class);
            } catch (IOException e) {
                //将异常放到自定义的异常类中
                throw  new SAuthenticationException(e.getMessage());
            }
            try {
                if (!authenticationBean.isEmpty()) {
                    //获得账号、密码
                    String email = authenticationBean.get("email");
                    String password = authenticationBean.get(SPRING_SECURITY_FORM_PASSWORD_KEY);
                    //可以验证账号、密码
                    //System.out.println("username = " + username);
                    //System.out.println("password = " + password);

                    TUser login = userMapper.login(email, password);


                    //检测账号、密码是否存在
                    if (login != null) {

                        //将账号、密码装入UsernamePasswordAuthenticationToken中
                        authRequest = new UsernamePasswordAuthenticationToken(login.getUsername(), password);
                        setDetails(request, authRequest);
                        return this.getAuthenticationManager().authenticate(authRequest);
                    } else {
                        throw new SAuthenticationException("账号或密码错误");
                    }

                }
            } catch (Exception e) {
                e.printStackTrace();
                throw new SAuthenticationException(e.getMessage());
            }
            return null;
        } else {
            throw new SAuthenticationException("不接受的请求");
        }
    }



}
